A man set up fake Wi-Fi to steal people's data – here's how to stay safe

A close-up of a woman in an airport using a smartphone
(Image credit: Getty Images)

A Western Australian man is facing nine cybercrime charges related to setting up fake Wi-Fi networks at airports and on flights to steal unsuspecting travellers' data.

The scheme was discovered in April after a domestic flight in Australia noticed a suspicious Wi-Fi network had appeared during the flight.

The Australian Federal Police (AFP) has alleged that the 42-year-old Perth resident stole travellers' data by setting up "evil twin" networks – so called because they are virtually indistinguishable from safe Wi-Fi networks, meaning it is very difficult to tell if these Wi-Fi networks are unsafe.

The man allegedly set up these evil twin networks at multiple different airports including Melbourne, Adelaide and Perth, as well as on domestic flights and other locations which, according to the police, were linked to the man's previous employment.

Young Asian woman using smartphone surrounded by commuters rushing by in subway station during office peak hours in the city

(Image credit: Getty Images)

Victims' data was allegedly stolen after they logged into the evil twin Wi-Fi via a dummy page that asked them to enter their social media login information or personal details. This information was then saved and could have been used to access further personal information from victims, including their bank details, photos, videos or online communications.

The Australian Federal police searched the man's baggage and said they had discovered a laptop, mobile phone and portable wireless device. He was then arrested and charged him with possession of data with the intent to commit a serious offence, unauthorised access or modification of restricted data, unauthorised impairment of electronic communication, a possession of identification offence, and dishonestly obtaining personal financial information following a second search of his home in Perth.

Speaking about the case, Detective Inspector Andrea Coleman of the AFP's cybercrime division, reminded citizens that they should not have to enter any personal details – for example having to log on with their social media account or email address – when logging into public Wi-Fi.

She urged all those who had attempted to log in to free Wi-Fi networks either on domestic flights or in airports to report any suspicious activity to the police and to change their passwords.

She also recommended that travelers use a VPN and disable filesharing on their devices.

How can I stay safe when connecting to public Wi-Fi?

While public Wi-Fi may seem tempting, it's important to recognise the real dangers that these Wi-Fi networks pose.

In general, it's important to be wary of public Wi-Fi networks – do not access any sensitive content or information while on public Wi-Fi, for example your online banking account.

There are some other steps you can take to further protect yourself on public Wi-Fi, as explained below:

Group of people standing in queue at boarding gate

(Image credit: Getty Images)

Use a VPN

A VPN, or virtual private network, is a piece of software that encrypts your internet connection and prevents others from snooping on your internet activity.

While a VPN will not protect you if you manually enter your personal information into a website, it does prevent your browsing data from being viewed while you are using an insecure Wi-Fi network.

This is why, if you use public Wi-Fi frequently, it is a good idea to use a VPN while connected as it adds a layer of security not otherwise found on public Wi-Fi.

Another benefit is that most, if not all, of the best VPNs offer extra cybersecurity tools alongside their VPN offers, giving you extra security while you're online.

Mask your email address

You may be already aware of email masking, if (for example) you use an Apple phone – if you have gone to enter your email into a site for whatever reason, you may have seen a pop-up that asks if you want to use HideMyEmail for this site.

This is email masking – using a generated email address that relays any information sent to it to you without having to enter your actual email address.

You can even go one step further and use cybersecurity tools that completely mask your identity, including your email address, phone number and even your name. One of these options is from the providers of one the best VPNs, Surfshark.

Surfshark's Alternative ID feature generates you a persona to use online that will relay information to your phone and/or email address without you inputting your actual personal information. 

No matter what kind of personal information masking you use, it prevents your real information from falling into the hands of scammers or hackers.

Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.